We recently upgraded a non-production SQL Server 2008 R2 system to SP3, and then Windows Updates installed the latest Security Update (10.50.6560.0). I see that TLS 1.2 support for 2008 R2 is provided in 10.50.6542.0, but that update will not install on top of 6560. Login attempts are failing and I can see in Event Viewer that the client is requesting TLS 1.2, but the server doesn't support it.
SSMS returns:
…(provider: SSL Provider, error: 0 – An existing connection was forcibly closed by the remote host.)
(Microsoft SQL Server, Error: 10054)
System Event Log on server:
Event ID 36874
An TLS 1.2 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
I have tried updating the various SQL clients on both client and server, enabling TLS 1.2 in the registry on the server (and rebooting), to no avail. So now I'm beginning to think that build 6560 doesn't support it, and if that's the case, I have to uninstall it somehow so that I can install build 6542 first.
We have other servers running the same build that work fine, so I'm trying to find what's different about this server–no luck yet.
Best Answer
Build 10.50.6560.0 does support TLS 1.2. I was able to resolve the problem by installing a new certificate from our CA. Apparently the older certificates that are on the server are not capable of supporting TLS 1.2.
TLS 1.2 support for Microsoft SQL Server includes information regarding the client and server versions that are required to support TLS 1.2.